Security

Will hashed encryption key work on a rsync'ed system

Thuan
Explorer

Hello, Systems in a COOP'ed environment are rsync'ed from the original systems. As the COOP systems are rsync'ed, the config files include the hashed value of the encryption key. Question: when the COOP systems are activated, will the encryption work as it was in the original environment?
Thank you.

0 Karma

starcher
SplunkTrust
SplunkTrust

If you mean the keys such as password for SSL and others for clustering from inputs.conf and server.conf those are based on the $SPLUNK_HOME/etc/auth/splunk.secret. The Splunk instances need to all share that splunk.secret for the values to decrypt properly. If you did not have splunk.secret in place before starting Splunk the first time you could have to test to make sure you don't miss copying all possible files that are encrypted using it.

I often will take splunk.secret from a cluster master and place it on cluster nodes before starting them the first time. This ensures all cluster members share the same secret and configs can just have the encrypted value in the files.

lguinn2
Legend

I don't know how many people are aware that COOP stands for "Continuity of Operations"

0 Karma

Thuan
Explorer

Sorry about using the words COOP systems. This pertains to the federal sector as this refers to systems that are set up for the purpose of disaster recovery. An answer to the question that has been asked will be much appreciated.
Thank you

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!